# Base NixOS module: the per-host hardware and machine modules are picked
# by the name stored in ./me.nix; everything else here applies to each host.
{ pkgs, lib, ... }:

let
  util = import ./util.nix { inherit lib; };

  # Host identity; passed through util.checkMe before any field is used.
  me = util.checkMe (import ./me.nix);

  # Supplies the SSH public keys and the password hash for the user below.
  # (This let-binding is unrelated to the `security.acme` option further down.)
  security = import ./security.nix;
in
{
  system.stateVersion = "23.05";

  imports = [
    ./modules
    (./hardware + "/${me.name}.nix")
    (./machines + "/${me.name}.nix")
  ];

  nix.settings.experimental-features = [ "flakes" "nix-command" ];

  nixpkgs.config.allowUnfree = true;
  # Overlays are applied as `overlay final prev`. ./pkgs is handed the SECOND
  # argument, i.e. the package set as it was before this overlay.
  nixpkgs.overlays = [ (final: prev: import ./pkgs prev) ];

  boot.loader.systemd-boot.enable = true;

  # Accounts are fully declarative: changes made with passwd/useradd at
  # runtime do not persist across a rebuild.
  users.mutableUsers = false;

  users.users.mel = {
    isNormalUser = true;
    home = "/home/mel";
    shell = pkgs.fish;
    # NOTE(review): "docker" membership is root-equivalent (the Docker socket
    # allows starting privileged containers), and unlike sudo via "wheel" it
    # asks for no password.
    extraGroups = [ "wheel" "docker" ];
    openssh.authorizedKeys.keys = security.keys;
    # NOTE(review): the hash is embedded in the evaluated configuration, so it
    # is expected to end up in the world-readable Nix store (and in the repo
    # if ./security.nix is tracked). `hashedPasswordFile` pointing at a
    # root-only file keeps it out of both -- confirm what fits this setup.
    hashedPassword = security.password;
  };

  # ASCII-art greeting. Left on one line exactly as found: the original line
  # breaks of the drawing are not visible in this copy of the file.
  users.motd = '' /^ /^ \ ' ' 7 < Hi, I'm ${util.titleCase me.name} / \ '';

  networking.hostName = me.name;

  networking.firewall = {
    enable = true;
    # Only HTTP/HTTPS are reachable from arbitrary networks.
    allowedTCPPorts = [ 80 443 ];
    # Everything arriving on the Tailscale interface bypasses the port
    # filter, so every listening service (sshd included) is exposed to the
    # tailnet; access control there rests on the Tailscale ACLs.
    # NOTE(review): ports published by Docker containers are usually opened
    # by Docker's own iptables rules and are not covered by this list.
    trustedInterfaces = [ "tailscale0" ];
  };

  services.openssh = {
    enable = true;
    # Port 22 stays closed on public interfaces; with the trusted interface
    # above, SSH is reachable over Tailscale only.
    openFirewall = false;
    settings = {
      # Key-only logins, and never directly as root.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # Catch-all server for requests whose Host header matches no other
      # virtual host.
      default = {
        default = true;
      };

      # Public site for this host: plain HTTP is redirected to HTTPS and the
      # certificate is obtained through ACME.
      "${me.name}.rnrd.eu" = {
        root = "/var/www/html";
        forceSSL = true;
        enableACME = true;
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "einebeere@gmail.com";
  };

  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
  };

  programs.vim = {
    defaultEditor = true;
    package = pkgs.vim_configurable.customize {
      vimrcFile = ./configs/.vimrc;
    };
  };

  programs.fish = {
    enable = true;
    # Setting fish_greeting to nothing silences the default greeting.
    interactiveShellInit = '' set fish_greeting '';
  };

  programs.git.enable = true;
  programs.tmux.enable = true;

  # Command-line tooling available to every user on the machine.
  environment.systemPackages = with pkgs; [
    file
    unzip
    jq
    dig
    htop
    wget
    inetutils
    tcpdump
    ripgrep
    gnumake
    gdb
    glances
  ];
}